CLAIMS

1. A system of managing the security of data
processing applications, characterised in that:

- the data processing applications are recorded in
directory files (Rep1, Rep2, Rep31, Rep32, Rep41, Rep42,
Rep51, Rep52) organised in an n-level tree, the level 1
directory (Rep1) being the highest level; and

- a number r of security registers (R) which can
each be allocated to a single directory and each
security register (R) containing all the rights or
secrets S1 to Sp which have been granted under a
directory.

2. A method of managing the security of data
processing applications in a system according to Claim
1, characterised in that it comprises the following
steps consisting of:

(a) storing in security registers (R) the rights
(S1 to Sp) granted under a directory (Rep) according to
given rules (RG1, RG2, RG3);

(b) seeking in the tree the secrets presented; and

(c) verifying the knowledge of one or more rights
at the level of the data processing application.

3. A method according to Claim 2, characterised in
that the storage rules of step (a) are as follows:

(RG1): allocation of a security register (R) to
the current directory as soon as a right has been
granted under this directory or the said security
register has been updated if a right has already been
granted under this directory;

(RG2): loss of [...] a new directory is selected
except if the [...] selected directory is the child of
the old current directory; and

(RG3): allocating the security register [...] the
earliest to the new current directory if the security
registers are all allocated.
4. A method according to Claim [...], characterised
in that step (b) consists of applying the following
rule consisting of:

(RG4) verifying that the secret presented (S) is
known in the current directory (Nr) [...] directory at
a higher level.

5. A method according to Claim 2, 3 or 4,
characterised in that step (b) comprises the following
intermediate steps [...]:

(b1) seeking a secret [...] current directory at
level [...] and verifying the existence of [...]
within the application;

(b2) if this secret (S) exists [...], verifying that
the presentation of the secret has succeeded;

if the presentation has succeeded, the right
associated with the secret (S) is granted [...] (Ni)
of the current [...];

if the presentation has failed, the right
associated with the secret (S) [...] attempted
presentation is terminated;
(b3) if this secret (S) does not exist within the
current application at level (Ni), seeking whether this
secret (S) exists within the parent application at level
N(i-1);

(b4) if this secret (S) exists in the parent
application at level N(i-1), verifying that the
presentation has succeeded;

if the presentation has succeeded, the right
associated with the secret (S) is granted in the current
application at level (Ni);

if the presentation has failed, the right
associated with the secret (S) is not granted and the
attempted presentation is terminated;

(b5) if the secret (S) does not exist within the
parent application at level N(i-1), seeking the
existence of the secret at the level of the
application at level N(i-2) along the hierarchical axis
and verifying that the presentation has succeeded;

and so on as far as the highest hierarchical level
as long as the existence of the secret (S) has not been
discovered;

(b6) if the secret (S) has not been discovered,
the attempted presentation is terminated.

6. A method according to one of the preceding
Claims 2 to 5, characterised in that the step (c)
consists of applying the following rule consisting of:

(RG5) authorisation on a function requiring
knowledge of a secret (S) if and only if, running
through the tree along the hierarchical axis from the
current application to the root application, the first
secret (S) is known to at least one of the applications
belonging to the tree section for which the current
application and the application containing the secret
(S) are delimiters.

7. A method according to one of the preceding
Claims 1 to 6, characterised in that step (c) comprises
the following steps consisting of:

(c1) verifying that a security register is
associated with the current application at level Nr;

(c2) authorising the function if the security
register contains the required right and terminating the
verification;

(c3) seeking the existence of the reference secret
S within the current application at level Ni if no
security register is associated with the current
application or if the associated register does not
contain the required right;

(c4) refusing the function and terminating the
verification if the secret exists within the current
application;

(c5) verifying that a security register is
associated with the parent application at level N(i-1)
of the current application if the reference secret S
does not exist within the current application at level
[...];

(c6) authorising the function and terminating the
verification if the security register [...]
the parent application contains the right required for
using the function;
(c7) seeking the existence of the reference secret
S within the parent application at level N(i-1) of the
current application if no security register is
associated with the parent application or if the
associated security register does not contain the
required right;

(c8) refusing the function and terminating the
verification if the reference secret S exists within the
parent application at level N(i-1);

(c9) verifying that a security register is
associated with the grandparent application at level
N(i-2) of the current application along the hierarchical
axis of the current application towards the root
application, if the reference secret S does not exist
within the parent application at level N(i-1);

and so on as long as the existence of the
reference secret S has not been discovered;

(c10) refusing the function and terminating the
verification if the secret has not been discovered.
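
The following Python sketch is an added illustration of the tree walk in steps (b1) to (b6) and (c1) to (c10); it is not part of the claims. The class and function names and the sample tree are hypothetical, secrets are compared as byte strings, and the limit of r registers with rules RG2 and RG3 is not modelled.

```python
import hmac

class App:
    """One application (directory) in the tree; names here are hypothetical."""
    def __init__(self, name, parent=None, secrets=None):
        self.name = name
        self.parent = parent                 # None for the level 1 (root) application
        self.secrets = dict(secrets or {})   # secret id -> reference value (bytes)
        self.register = None                 # security register: set of rights, or None

def present(current, secret_id, value):
    """Steps b1-b6: look for the secret from the current level towards the root."""
    node = current
    while node is not None:
        if secret_id in node.secrets:        # b1/b3/b5: secret exists at this level
            if not hmac.compare_digest(node.secrets[secret_id], value):
                return False                 # presentation failed: no right, stop
            if current.register is None:     # RG1: register allocated on first grant
                current.register = set()
            current.register.add(secret_id)  # right granted in the current application
            return True
        node = node.parent
    return False                             # b6: secret not discovered

def authorise(current, secret_id):
    """Steps c1-c10: decide whether a function needing secret_id may run."""
    node = current
    while node is not None:
        if node.register is not None and secret_id in node.register:
            return True                      # c2/c6: a register on the path holds the right
        if secret_id in node.secrets:
            return False                     # c4/c8: secret defined here, right not held
        node = node.parent                   # c5/c9: move one level up
    return False                             # c10: secret not discovered

def demo():
    """Constructed tree: root holds PIN; 'c' redefines its own PIN."""
    root = App("root", secrets={"PIN": b"1234"})
    a = App("a", parent=root)
    b = App("b", parent=a)
    c = App("c", parent=a, secrets={"PIN": b"9999"})
    before = authorise(b, "PIN")             # nothing presented yet
    wrong = present(a, "PIN", b"0000")       # failed presentation
    ok = present(a, "PIN", b"1234")          # right stored in a's register
    return before, wrong, ok, authorise(b, "PIN"), authorise(c, "PIN")
```

In the constructed tree, application b inherits the right held in its parent's register, while application c, which defines its own secret of the same name, is refused: the first application containing the secret delimits the section, as rule RG5 states.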



